# Reply to post: Re: XKCD has been totuting the complexity angle for years

### Android apps prove a goldmine for dodgy password practices

#### Re: XKCD has been totuting the complexity angle for years

Why not just use combinatorics to prove your case? Take a simple dictionary of 300 words compared to say, 64 printable characters.

64P8 is 64!/56!, which calculates to 178462987637760. Sounds impressive, but...

300P7 is 300!/293!. I reduce that to...300*299*298*297*296*295*294...203810340189456000. One less item, but plenty more entropy. Make it like for like (300P8) and we get...59716429675510608000. Nice thing about factorials. They run away pretty quickly.

IOW, even with a simplified dictionary, 7 random words gives you more entropy than 8 random characters out of 64 and may be easier to remember using "memory theater" mnemonics. Now try a sizable chunk of your typical English dictionary and see how quickly that number runs away again.

## POST COMMENT House rules

Not a member of The Register? Create a new account here.